Question ID:
2018_4108
Legal Act:
Directive 2015/2366/EU (PSD2)
Topic:
Strong customer authentication and common and secure communication (incl. access)
Article:
97
Paragraph:
1
Subparagraph:
b
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph:
Not applicable
Disclose name of institution / entity:
Yes
Name of institution / submitter:
EPSM, European Association of Payment Service Providers for Merchants
Country of incorporation / residence:
Germany
Type of submitter:
Industry association
Subject Matter:
Scope of ‘initiation of an electronic payment transaction’
Question:

Does a card payment transaction, authenticated with a signature at the point of sale, fall under the scope of Article 97 (I) (b) PSD2? Is there a difference if the signature is provided on a paper or on a signature pad (e.g. electronic signature pad or signature capture at a payment terminal)?

Background on the question:

EBA analysed in the Final Report on Draft RTS on strong customer authentication (SCA) and secure communication (dated 23 February 2017) that ‘anything initiated via paper…‘ is out of scope of SCA under PSD2. As some jurisdictions in the European community clarify that a signature provided on a signature pad has the same legal quality as on paper, we believe the signatures on paper and on signature pads should be treated equally.

One competent authority clarified that a payment by card and signature does not initiate an electronic payment in the meaning of PSD2 (see: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Fachartikel/2018/fa_bj_1806_Starke_Kundenauthentifizierung.html

As credit card payment transactions based on the magnetic stripe and PIN will not be compliant with the RTS, signature authorised transaction could serve as a fall back solution in (the rare) cases the chip or the chip reader of the terminal does not function correctly.

Date of submission:
13/07/2018
Published as Final Q&A:
20/12/2019
EBA Answer:

Pursuant to Article 97 (1)(b) Directive 2015/2366/EU (PSD2), Member States shall ensure that a payment service provider applies strong customer authentication (SCA) when the payer initiates an electronic payment transaction. As stated in Q&A 2018_4031, card-based payment transactions are considered as payment transactions initiated by the payer through the payee and thus fall under Article 97(1)(b) PSD2.

The nature, electronic or not, of a given element used for authorisation, as referred to in Article 64(1) PSD2, or authentication, as defined in Article 4(29) PSD2, such as a signature, is not relevant for assessing whether or not the respective payment transaction falls under the scope of Article 97(1)(b) PSD2.

Accordingly, card-based electronic payment transactions that require the signature of the payer at the point of sale for authorisation or authentication fall under the scope of Article 97(1)(b) PSD2.

 

Disclaimer:

This question goes beyond matters of consistent and effective application of the regulatory framework. A Directorate General of the Commission (Directorate General for Financial Stability, Financial services and Capital Markets Union) has prepared the answer, albeit that only the Court of Justice of the European Union can provide definitive interpretations of EU legislation. This is an unofficial opinion of that Directorate General, which the European Banking Authority publishes on its behalf. The answers are not binding on the European Commission as an institution. You should be aware that the European Commission could adopt a position different from the one expressed in such Q&As, for instance in infringement proceedings or after a detailed examination of a specific case or on the basis of any new legal or factual elements that may have been brought to its attention.

Status:
Final Q&A